CVE-2024-10835

CRITICAL

db-gpt < 0.7.1 - Unauthenticated Arbitrary File Write and Remote Code Execution via SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-10835. PoCs published by 6jeffr3y.

AI-analyzed exploit summary This repository contains a functional Python-based PoC for CVE-2024-10835, demonstrating unauthenticated information disclosure and SQL execution in DBGPT. The exploit targets specific API endpoints to leak database credentials and execute arbitrary SQL queries.

Description

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the victim's file system. This can potentially lead to Remote Code Execution (RCE).

Exploits (1)

nomisec WORKING POC
by 6jeffr3y · poc
https://github.com/6jeffr3y/CNVD-2026-12436-and-CVE-2024-10835

This repository contains a functional Python-based PoC for CVE-2024-10835, demonstrating unauthenticated information disclosure and SQL execution in DBGPT. The exploit targets specific API endpoints to leak database credentials and execute arbitrary SQL queries.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: DBGPT
No auth needed
Prerequisites: Python 3.x · requests library · target DBGPT server URL
devstral-2 · analyzed Mar 04, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0152
EPSS Percentile 81.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
dbgpt/db-gpt 0.6.0
pypi/dbgpt 0 - 0.7.1PyPI
Published Mar 20, 2025
Tracked Since Feb 18, 2026